It was discovered that the Java Cryptography Extension (JCE)implementation in OpenJDK in some situations did guarantee sufficientstrength of keys during key agreement. An attacker could use thisto expose sensitive information.